http://www.washingtonpost.com/wp-dyn/articles/A53172-2002Jul23.html

By Ellen McCarthy
Washington Post Staff Writer
Wednesday, July 24, 2002; Page E05

Internet security issues need to be addressed in boardrooms and executive suites, not just data centers and network storage closets.

That's the message one industry organization is trying to convey by targeting the upper echelon of management with a guide on how to ward off potential threats.

The guide, to be released today by the Internet Security Alliance, recommends that executives adopt 10 key practices in order to protect their organizations' vulnerable networks and content. The Arlington-based alliance is the joint effort of Carnegie Mellon University's Software Engineering Institute, the institute's CERT Coordination Center and the Electronics Industries Alliance.

"We've been dealing over the years with a lot of security incidents, and typically we get the reports from the technical people, not the executives. Often they feel they are not getting the support that they need from the management," said Richard D. Pethia, director of CERT, formerly known as the Computer Emergency Response Team. "There has been an attitude across government and management that this is a technical issue and technicians should be able to deal with it."

The guide, which will be available on the alliance's Web site (www.isalliance.org), suggests that senior managers identify the security risks within their organizations, create specific policies to address the problems, provide necessary funding to implement and maintain security measures, and make users accountable for their actions.

Other recommendations include the use of system-monitoring tools, development of emergency recovery plans and the regulation of access to key physical assets.

The guidelines are based on a study of current security practices used by the alliance's members and CERT research on management policy issues.

The founders say they hope the guide will serve as an outline of crucial steps for all organizations, regardless of size or industry, Pethia said.

Last week, the Center for Internet Security released a set of security standards and software that draws from the expertise of several government agencies, including the Pentagon and the National Security Agency.

Pethia said that as executives realize how much financial risk is associated with potential security breaches, they have become more interested in ways to prevent them.

"The awareness is really growing and has grown. Senior management is now paying attention, but we need to help them move beyond awareness and into understanding," Pethia said. "The pain level [from network attacks] is going up. We haven't had the big Pearl Harbor, but we have incidents every day. Right now we're suffering death by a million paper cuts."